In-depth security news and investigation

Posts Tagged: Supercomputer Center of the Russian Academy of Sciences

Hardly a week goes by without newsof a cyberespionage attack emanating from China that is focused on extracting sensitive data from corporations and research centers in the United States. But analysis of a recent malware campaign suggests that cyberspies in that region may be just as interested in siphoning secrets from Russian targets.

The Cyrillic text used in the decoy document.

Researchers at Milpitas, Calif. based security firm FireEye say they spotted an email attack of apparent Chinese origin that used Russian language lures to steal data from mostly Russian victims. The email malware campaign embedded a Microsoft Word exploit that displayed a decoy document containing news about a meeting of ASEAN, the Association of Southeast Asian Nations.

According to FireEye’s Alex Lanstein, this campaign had its control infrastructure in Korea and Japan, but clues point to Chinese design and operation. The malicious Word document sample that kicked this off was authored from a Microsoft Windows system that was set to use the language pack “Windows Simplified Chinese (PRC, Singapore). The researchers also say they were able to gain access to the control server used in the attack, which revealed systems logging in from China to check on new victims.

Update, 1:05 p.m. ET: FireEye just published a blog post about this research, which indicates they now believe the likely source of this attack was Korea, not China. The headline to this story has been modified..